The phishing-as-a-service platform Kali365 has expanded its targeting capabilities beyond Microsoft 365 to include AWS, Okta, and Russian online services, utilizing device code phishing techniques that can bypass multifactor authentication. This evolution poses a significant threat to digital identities and enterprise security across various sectors and regions.
The expansion of the phishing-as-a-service platform Kali365, now targeting AWS, Okta, and other platforms beyond Microsoft 365, underscores the urgent need to strengthen security awareness training and monitoring for device code phishing. This attack method bypasses MFA by capturing the OAuth tokens issued after the victim completes a device code authorization, exploiting a weakness in the authentication flow intended for devices without a full browser. Security teams should prioritize detection of suspicious OAuth activity and weigh the risks of allowing device code authorization at all in order to mitigate this growing threat.
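As a concrete starting point for the monitoring the summary calls for, the following is an added example (not code from the article or from any Kali365 reporting) that scans sign-in records for device code authentications and ranks them for review. The input is a constructed batch of newline-delimited JSON records whose field names (`authenticationProtocol`, `userPrincipalName`, `ipAddress`, `appDisplayName`, `createdDateTime`) are modelled on Microsoft Entra ID sign-in logs but are assumptions here; the corporate IP ranges and the list of clients expected to use the device code flow are likewise placeholders to be replaced with an organisation's own values.

```python
import ipaddress
import json

# Constructed sample sign-in records (newline-delimited JSON). The field names
# follow Entra ID sign-in log conventions but are assumptions for this example;
# none of these users, addresses or events are real.
SAMPLE_SIGNIN_LOGS = "\n".join([
    json.dumps({"createdDateTime": "2024-05-01T08:00:12Z",
                "userPrincipalName": "alice@example.test",
                "authenticationProtocol": "oAuth2",
                "ipAddress": "203.0.113.10",
                "appDisplayName": "Microsoft Teams"}),
    json.dumps({"createdDateTime": "2024-05-01T08:03:40Z",
                "userPrincipalName": "bob@example.test",
                "authenticationProtocol": "deviceCode",
                "ipAddress": "203.0.113.22",
                "appDisplayName": "Azure CLI"}),
    json.dumps({"createdDateTime": "2024-05-01T08:05:02Z",
                "userPrincipalName": "carol@example.test",
                "authenticationProtocol": "deviceCode",
                "ipAddress": "198.51.100.7",
                "appDisplayName": "Microsoft Office"}),
    json.dumps({"createdDateTime": "2024-05-01T08:09:55Z",
                "userPrincipalName": "dave@example.test",
                "authenticationProtocol": "deviceCode",
                "ipAddress": "203.0.113.30",
                "appDisplayName": "Microsoft Authentication Broker"}),
])

# Constructed corporate egress ranges (placeholder; use your own).
CORPORATE_RANGES = [ipaddress.ip_network("203.0.113.0/24")]

# Clients an organisation might legitimately expect to use the device code
# flow, e.g. CLI tooling on headless hosts. Assumption for illustration.
EXPECTED_DEVICE_CODE_APPS = {"Azure CLI", "Azure PowerShell"}


def is_corporate_ip(ip, ranges=CORPORATE_RANGES):
    """True if ip parses and falls inside one of the known corporate ranges."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False
    return any(addr in net for net in ranges)


def find_device_code_signins(ndjson_text, ranges=CORPORATE_RANGES,
                             expected_apps=EXPECTED_DEVICE_CODE_APPS):
    """Return every device-code sign-in, tagged with a severity and reasons.

    Device code sign-ins are rare in most tenants, so each one is surfaced;
    those from outside corporate ranges or to clients that have no business
    using the flow are marked high for immediate review.
    """
    findings = []
    for line in ndjson_text.splitlines():
        if not line.strip():
            continue
        rec = json.loads(line)
        if rec.get("authenticationProtocol") != "deviceCode":
            continue
        reasons = []
        if not is_corporate_ip(rec.get("ipAddress", ""), ranges):
            reasons.append("source IP outside corporate ranges")
        if rec.get("appDisplayName") not in expected_apps:
            reasons.append("client not expected to use the device code flow")
        findings.append({
            "time": rec.get("createdDateTime"),
            "user": rec.get("userPrincipalName"),
            "app": rec.get("appDisplayName"),
            "ip": rec.get("ipAddress"),
            "severity": "high" if reasons else "medium",
            "reasons": reasons or ["device code sign-in (review even when expected)"],
        })
    return findings


if __name__ == "__main__":
    for f in find_device_code_signins(SAMPLE_SIGNIN_LOGS):
        print(f"{f['severity'].upper():6} {f['time']} {f['user']} via {f['app']} "
              f"from {f['ip']}: {'; '.join(f['reasons'])}")
```

Run against the constructed batch, the script reports bob's Azure CLI sign-in as medium (expected client, corporate address) and both carol's and dave's as high. The same logic can be pointed at an exported sign-in log feed; where the identity provider allows it, the stronger control is to restrict or block the device code flow for users and clients that do not need it, and to use this kind of detection for the exceptions that remain.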